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REMARKS 

Applicant expresses appreciation to the Examiner for consideration of the subject patent 
application. This Response is in response to the Office Action mailed August 18, 2009. Claims 
1-8, 10-12, 14, 16 and 19 were rejected. 

Claims 1-8, 10-12, 14, 16 and 19 were originally presented. Claims 1-8, 10-12, 14, 16 
and 19 remain in the application. No claims have been added, amended, or canceled. 

Claim Rejections - 35 U.S.C. $ 103 

Claims 1-8, 10-11, 16 and 19 (including independent claims 1, 11, 16 and 19) were 
rejected under 35 U.S.C. § 103 as being unpatentable over De Silva et al. (US 2007/01 10078) in 
view of Shankar et al. (US 2004/0066781). 

De Silva discloses connectivity for a port of a device of a customer network to a provider 
network accessing a Virtual Local Area Network (VLAN) mapping data structure. (De Silva 
Abstract). The frame mapping logic of the port appends a provider VLAN and provider Cost of 
Service (CoS) value to the frame (De Silva paragraph [0066]). When the frame is passed through 
the switches in the provider network, the switches utilize the frame's destination address (DA) 
and the appended provider frame data for prioritizing and forwarding the frame (De Silva 
paragraph [0078]). De Silva removes the provider VLAN at the outbound or user port instead of 
the inbound port (i.e., the provider port). In addition, the intermediate switches use the provider 
CoS value, instead of the user CoS value. 

In contrast, independent claim 1 sets forth a method of processing a packet sent to a 
provider network, the method comprising: 

. . . creating a tunnel from the first user port at the first edge switch to a second user 
port at a second edge switch using double VLAN tagging by inserting a provider VLAN 
tag, including a provider VID, into the packet at a first provider port at the first edge switch 
prior to transmission of the packet via the first provider port and stripping the provider 
VLAN tag from the packet after the packet is received by a second provider port at the 
second edge switch, wherein the first provider port is an output port of the first edge switch, 
wherein the second provider port is an input port of the second edge switch, and wherein the 
second user port is an output port of the second edge switch; and 
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utilizing the user VLAN tag by a middle switch to determine a class of service for 
the packet so as to provide a user-expected service level in relation to traffic flowing 
through said tunnel. 

De Silva fails to disclose the middle switch determining the class of service or priority for 
the packets using the user VLAN tag as in claim 1. Instead, De Silva utilizes the provider CoS 
value contained in the provider user priority field to determine which particular transmission 
queue should be utilized for the packet (De Silva paragraph [0078]). The customer VLAN and 
CoS values are not used by the middle switches in De Silva. Thus, De Silva does not disclose or 
teach utilizing the user VLAN tag by a middle switch as in claim 1 . 

The Office Action asserts that De Silva "teaches utilizing the user VLAN tag by a middle 
switch to determine a class of service level in relation to traffic flowing through the tunnel (see 
Figures 3-5, and 7, and paragraphs 96-97, the frame mapping logic 350 performs a look-up on 
the port's Ingress VLan mapping table utilizing the frame's customer VLAN to derive a CoS 
table index value)" (Office Action page 4, lines 19-22). De Silva fails to disclose or render 
obvious utilizing the user VLAN tag by a middle switch to determine a class of service for the 
packet as claimed in claim 1 because the port described in paragraphs [0096-0097] of De Silva is 
a not a middle switch. Paragraphs [0096-0097] are from the section of De Silva entitled 
"Tunneling Customer BPDU Messages". Tunneling generally enables one network to send data 
via another network's connections. Tunneling works by encapsulating a network protocol within 
packets carried by the second network. By using tunneling a payload can be carried over an 
incompatible delivery-network, or provide a secure path through an untrusted network. For 
example, a network may embed a protocol specific to that network within TCP/IP packets 
carried by the Internet. 

In terms of double-tagged packets, the user tags generally may comprise the network 
specific protocol and the provider tags may comprise the TCP/IP protocol. Tunneling with 
double-tagged packets involves insertion of a provider tag to a user packet which may or may not 
have user tags. The provider tag is inserted in a packet at an edge device and is not removed 
until the packet reaches another edge device in order to maintain security and/or allow 
transmission of the different payload protocol. The port described in the cited paragraphs of De 
Silva cannot be on a middle switch because the port is inserting a Provider tag and thus must be 
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on an edge device, else tunneling is not being accomplished. If tunneling is not accomplished 
then De Silva fails to disclose "creating a tunnel from the first user port at the first edge switch to 
a second user port at a second edge switch" and the Office Action has failed to demonstrate a 
prima facie case. If tunneling is accomplished then the De Silva port is not on a middle switch 
and the Office Action has failed to demonstrate a prima facie case. Because the discussion is 
regarding tunneling, the device must be an edge device rather than a middle switch and the 
Office Action has failed to demonstrate a middle switch utilizing the user VLAN tag to 
determine a class of service for the packet. 

Neither the De Silva reference nor the Shankar reference teach or suggest all of the 
elements of claim 1 . Specifically, the references do not teach utilizing the user VLAN tag by a 
middle switch to determine a class of service for the packet so as to provide a user-expected 
service level in relation to traffic flowing through said tunnel. Therefore, Applicant respectfully 
submits that claim 1 is allowable, and urges the Examiner to withdraw the rejection. Claims 2-8 
are allowable at least for their dependence on claim 1. Claims 10-11, 16 and 19 are allowable for 
the reasons described above regarding claim 1. 

Regarding claim 4, Applicant disputes the assertion that De Silva discloses that the user 
VID is assigned to be a port VID associated with the user port. The Office Action has cited 
paragraph [0062] of De Silva as support for this assertion, but the cited reference fails to state 
that the user VID is assigned to be a port VID associated with the user port. Rather, the citation 
states that a default "customer" VLAN is derived from a default frame VLAN table and no 
indication is given of any relationship between the default "customer" VLAN and a port VID 
associated with the user port. 

Regarding claim 5, Applicant disputes the assertion that De Silva discloses a provider 
VID which is a VID of a destination VLAN. The cited paragraph [0065] of De Silva does not 
describe a VID and the Office Action cannot properly make the assumption that an un-discussed 
provider VID is a VID of a destination VLAN. 

Regarding claim 6, Applicant disputes the assertion that De Silva discloses a provider 
VID which is a port VID associated with the input port. The cited paragraph [0062] of De Silva 
does not describe a port VID, nor a port VID which is associated with an input port, nor 
especially that a provider VID is a port VID associated with the input port. 
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Regarding claim 8, Applicant disputes the assertion that De Silva discloses an edge 
switch determining a security action for a packet based on the user VLAN tag. The cited 
paragraph [0062] of De Silva does not describe any form of security actions, nor that such 
actions are based on a user VLAN tag. 

Claims 12 and 14 (including independent claim 12) were rejected under 35 U.S. C. § 103 
as being unpatentable over De Silva and Hurren et al. (US 6,788,681) in view of Shankar. 

Hurren discloses a method and apparatus for providing a Virtual Private Network (VPN) 
over a connectionless network by connecting a plurality of Local Area Networks (LANs) 
(Hurren Abstract). The frame in the VPN may include a priority field 404, which includes a 
discharge eligibility field 418 and a CoS indicator field (Hurren column 14, lines 55-62; FIG. 4). 
The discard eligibility field may allow a frame to be discarded in times of congestion and the 
CoS indicator field may define up to eight classes of data (Hurren column 14, lines 55-62; FIG. 
4). 

In contrast, independent claim 12 sets forth: 

A system for processing packets sent to a provider network, the system 
comprising: 

. . . wherein a service level is provided in relation to traffic flowing through said 
tunnel which provides a security action of dropping the packet or forwarding the packet 
to management software, 

wherein the security action is determined based on the user VLAN tag. 

Applicant submits that the addition of Hurren does not overcome the deficiencies of De 
Silva or Shankar as to teach or suggest each and every element of the rejected claims 12 and 14. 
Specifically, Hurren fails teach "wherein the security action is determined based on the user 
VLAN tag" as claimed in claim 12. In addition, neither De Silva, Shankar, nor Hurren teach or 
suggest "wherein a service level is provided in relation to traffic flowing through said tunnel 
which provides a security action of dropping the packet or forwarding the packet to management 
software," as claimed in claim 12 and it would not be obvious to a person skilled in the arts to do 
so. 
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Hurren fails to disclose a security action of dropping the packet or forwarding the packet 
to management software for further analysis as claimed in claim 12 (Application page 7, line 23). 
Instead, Hurren discloses a discard eligibility field to discard a packet where congestion occurs 
(Hurren column 14, lines 55-62). Dropping packets due to congestion differs in functionality 
from dropping packets for security issues and uses different logic. For example, if an excessive 
number of packets are sent to a network device, an enabled discard eligibility field on some of 
the packets may cause those packets to be discarded when the network device exceeds a 
threshold congestion level to relieve the congestion. In contrast, a security action may evaluate 
the packet contents based on a service level and a packet threat model, which indicates packets 
that could jeopardize the security and stability of the network device. The security action can 
drop a suspect packet to eliminate the security threat, regardless of congestion levels. A discard 
eligibility field is not a security action or mechanism, and a discard eligibility field does not 
generate a security action as in claim 12. In addition, Hurren fails to disclose a security action 
relative to the frame, and it would not be obvious to do so as asserted by the Examiner. 
Congestion and security are both problems associated with networks, but each problem uses 
different and distinct solutions. Moreover, Hurren fails to disclose forwarding the packet to 
management software for further analysis. Thus, Hurren fails to disclose a security action of 
dropping the packet or forwarding the packet to management software as claimed in claim 12. 

Thus, the combination of De Silva and Hurren do not teach or suggest each of the 
elements in the independent claim 12. Therefore, Applicants submit that the rejection of 
independent claim 12 and dependent claim 14 under § 103(a) should be overturned. 
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CONCLUSION 



In light of the above, Applicant respectfully submits that pending claims 1-8, 10-11, 16 
and 19 are in condition for allowance. Therefore, Applicant requests that the rejections and 
objections be withdrawn, and that the claims be allowed and passed to issue. If any impediment 
to the allowance of these claims remains after entry of this Amendment, the Examiner is strongly 
encouraged to call Steve Perry at (801) 566-6633 so that such matters may be resolved as 
expeditiously as possible. 

No claims were added or canceled. Therefore, no additional claim fee is due. 

The Commissioner is hereby authorized to charge any additional fee or to credit any 
overpayment in connection with this Amendment to Deposit Account No. 08-2025. 



DATED this 18th day of November, 2009. 

Respectfully submitted, 
/Steve M. Perry/ 



Steve M. Perry 
Attorney for Applicant 
Registration No. 45357 
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Intellectual Property Administration 
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